Add-AzureRmNetworkSecurityRuleConfig
NAME Add-AzureRmNetworkSecurityRuleConfig
SYNOPSIS
Adds a network security rule configuration to a network security group.
SYNTAX
Add-AzureRmNetworkSecurityRuleConfig [-Access {Allow | Deny}] [-DefaultProfile <IAzureContextContainer>] [-Description <String>]
[-DestinationAddressPrefix <System.Collections.Generic.List`1[System.String]>] [-DestinationApplicationSecurityGroup
<System.Collections.Generic.List`1[Microsoft.Azure.Commands.Network.Models.PSApplicationSecurityGroup]>] [-DestinationPortRange
<System.Collections.Generic.List`1[System.String]>] [-Direction {Inbound | Outbound}] -Name <String> -NetworkSecurityGroup
<PSNetworkSecurityGroup> [-Priority <Int32>] [-Protocol {Tcp | Udp | *}] [-SourceAddressPrefix <System.Collections.Generic.List`1[System.String]>]
[-SourceApplicationSecurityGroup <System.Collections.Generic.List`1[Microsoft.Azure.Commands.Network.Models.PSApplicationSecurityGroup]>]
[-SourcePortRange <System.Collections.Generic.List`1[System.String]>] [<CommonParameters>]
Add-AzureRmNetworkSecurityRuleConfig [-Access {Allow | Deny}] [-DefaultProfile <IAzureContextContainer>] [-Description <String>]
[-DestinationAddressPrefix <System.Collections.Generic.List`1[System.String]>] [-DestinationApplicationSecurityGroupId
<System.Collections.Generic.List`1[System.String]>] [-DestinationPortRange <System.Collections.Generic.List`1[System.String]>] [-Direction
{Inbound | Outbound}] -Name <String> -NetworkSecurityGroup <PSNetworkSecurityGroup> [-Priority <Int32>] [-Protocol {Tcp | Udp | *}]
[-SourceAddressPrefix <System.Collections.Generic.List`1[System.String]>] [-SourceApplicationSecurityGroupId
<System.Collections.Generic.List`1[System.String]>] [-SourcePortRange <System.Collections.Generic.List`1[System.String]>] [<CommonParameters>]
DESCRIPTION
The Add-AzureRmNetworkSecurityRuleConfig cmdlet adds a network security rule configuration to an Azure network security group.
PARAMETERS
-Access <String>
Specifies whether network traffic is allowed or denied. The acceptable values for this parameter are: Allow and Deny.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-DefaultProfile <IAzureContextContainer>
The credentials, account, tenant, and subscription used for communication with Azure.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-Description <String>
Specifies a description of a network security rule configuration.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-DestinationAddressPrefix <System.Collections.Generic.List`1[System.String]>
Specifies a destination address prefix. The acceptable values for this parameter are:
- A Classless Interdomain Routing (CIDR) address
- A destination IP address range
- A wildcard character (*) to match any IP address
You can use tags such as VirtualNetwork, AzureLoadBalancer, and Internet.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-DestinationApplicationSecurityGroup <System.Collections.Generic.List`1[Microsoft.Azure.Commands.Network.Models.PSApplicationSecurityGroup]>
The application security group set as destination for the rule. It cannot be used with 'DestinationAddressPrefix' parameter.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-DestinationApplicationSecurityGroupId <System.Collections.Generic.List`1[System.String]>
The application security group set as destination for the rule. It cannot be used with 'DestinationAddressPrefix' parameter.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-DestinationPortRange <System.Collections.Generic.List`1[System.String]>
Specifies a destination port or range. The acceptable values for this parameter are:
- An integer
- A range of integers between 0 and 65535
- A wildcard character (*) to match any port
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-Direction <String>
Specifies whether a rule is evaluated on incoming or outgoing traffic. The acceptable values for this parameter are: Inbound and Outbound.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-Name <String>
Specifies the name of a network security rule configuration.
Required? true
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-NetworkSecurityGroup <PSNetworkSecurityGroup>
Specifies a NetworkSecurityGroup object. This cmdlet adds a network security rule configuration to the object that this parameter specifies.
Required? true
Position? named
Default value None
Accept pipeline input? True (ByValue)
Accept wildcard characters? false
-Priority <Int32>
Specifies the priority of a rule configuration. The acceptable values for this parameter are: An integer between 100 and 4096.
The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-Protocol <String>
Specifies the network protocol that a rule configuration applies to. The acceptable values for this parameter are:
- Tcp
- Udp
- Wildcard character (*) to match both
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-SourceAddressPrefix <System.Collections.Generic.List`1[System.String]>
Specifies a source address prefix. The acceptable values for this parameter are:
- A CIDR
- A source IP range
- A wildcard character (*) to match any IP address.
You can also use tags such as VirtualNetwork, AzureLoadBalancer and Internet.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-SourceApplicationSecurityGroup <System.Collections.Generic.List`1[Microsoft.Azure.Commands.Network.Models.PSApplicationSecurityGroup]>
The application security group set as source for the rule. It cannot be used with 'SourceAddressPrefix' parameter.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-SourceApplicationSecurityGroupId <System.Collections.Generic.List`1[System.String]>
The application security group set as source for the rule. It cannot be used with 'SourceAddressPrefix' parameter.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-SourcePortRange <System.Collections.Generic.List`1[System.String]>
Specifies a source port or range. This value is expressed as an integer, as a range between 0 and 65535, or as a wildcard character (*) to
match any source port.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
PSNetworkSecurityGroup
Parameter 'NetworkSecurityGroup' accepts value of type 'PSNetworkSecurityGroup' from the pipeline
OUTPUTS
Microsoft.Azure.Commands.Network.Models.PSNetworkSecurityGroup
NOTES
1: Adding a network security group
Get-AzureRmNetworkSecurityGroup -Name nsg1 -ResourceGroupName rg1 |
    Add-AzureRmNetworkSecurityRuleConfig -Name rdp-rule -Description "Allow RDP" -Access Allow `
        -Protocol Tcp -Direction Inbound -Priority 100 -SourceAddressPrefix Internet `
        -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 3389 |
    Set-AzureRmNetworkSecurityGroup
The first command retrieves an Azure network security group named "nsg1" from resource group "rg1". The second command adds a network security
rule named "rdp-rule" that allows traffic from the Internet on port 3389 to the retrieved network security group object.
Set-AzureRmNetworkSecurityGroup then persists the modified Azure network security group.
2: Adding a new security rule with application security groups
$srcAsg = New-AzureRmApplicationSecurityGroup -ResourceGroupName MyResourceGroup -Name srcAsg -Location "West US"
$destAsg = New-AzureRmApplicationSecurityGroup -ResourceGroupName MyResourceGroup -Name destAsg -Location "West US"
Get-AzureRmNetworkSecurityGroup -Name nsg1 -ResourceGroupName rg1 |
    Add-AzureRmNetworkSecurityRuleConfig -Name rdp-rule -Description "Allow RDP" -Access Allow `
        -Protocol Tcp -Direction Inbound -Priority 100 -SourceApplicationSecurityGroup $srcAsg `
        -SourcePortRange * -DestinationApplicationSecurityGroup $destAsg -DestinationPortRange 3389 |
    Set-AzureRmNetworkSecurityGroup
First, we create two new application security groups. Then, we retrieve an Azure network security group named "nsg1" from resource group "rg1"
and add a network security rule named "rdp-rule" to it. The rule allows traffic from all the IP configurations in the application security group
"srcAsg" to all the IP configurations in "destAsg" on port 3389. After adding the rule, we persist the modified Azure network security group.
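The first example opens port 3389 to the Internet tag at priority 100, so no other rule in the group can override it. The following audit helper is an added example, not part of the AzureRM module or the original help text; it flags inbound Allow rules whose source is unrestricted and whose destination port entry (integer, range, or wildcard, as described under -DestinationPortRange) covers an administrative port. The function names, the sample rules, and the 203.0.113.0/24 management range are constructed for illustration.

```powershell
# Added example: audit helper, not code from the AzureRM module.
# Returns $true when one -DestinationPortRange entry ("3389", "1024-65535", "*") covers $Port.
function Test-PortInRange {
    param([string]$Range, [int]$Port)
    if ($Range -eq '*') { return $true }
    if ($Range -match '^(\d+)-(\d+)$') {
        return (($Port -ge [int]$Matches[1]) -and ($Port -le [int]$Matches[2]))
    }
    return (($Range -match '^\d+$') -and ([int]$Range -eq $Port))
}

# Emits one finding per inbound Allow rule that exposes an admin port to an unrestricted source.
# Rules that use application security groups have no source prefix and are not flagged.
function Find-ExposedAdminRule {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Rule,
        [int[]] $AdminPorts = @(22, 3389)
    )
    process {
        if ($Rule.Access -ne 'Allow' -or $Rule.Direction -ne 'Inbound') { return }
        $openSource = @($Rule.SourceAddressPrefix) |
            Where-Object { $_ -in @('*', 'Internet', '0.0.0.0/0') }
        if (-not $openSource) { return }
        foreach ($port in $AdminPorts) {
            $hit = @($Rule.DestinationPortRange) |
                Where-Object { Test-PortInRange -Range $_ -Port $port }
            if ($hit) {
                [pscustomobject]@{
                    Rule     = $Rule.Name
                    Priority = $Rule.Priority
                    Source   = $openSource -join ','
                    Port     = $port
                }
            }
        }
    }
}

# Constructed sample rules, shaped like the entries in an NSG's SecurityRules collection.
$rules = @(
    [pscustomobject]@{ Name = 'rdp-rule'; Access = 'Allow'; Direction = 'Inbound'; Priority = 100
                       SourceAddressPrefix = @('Internet'); DestinationPortRange = @('3389') }
    [pscustomobject]@{ Name = 'rdp-from-mgmt'; Access = 'Allow'; Direction = 'Inbound'; Priority = 110
                       SourceAddressPrefix = @('203.0.113.0/24'); DestinationPortRange = @('3389') }
    [pscustomobject]@{ Name = 'wide-range'; Access = 'Allow'; Direction = 'Inbound'; Priority = 200
                       SourceAddressPrefix = @('*'); DestinationPortRange = @('1024-65535') }
    [pscustomobject]@{ Name = 'deny-ssh'; Access = 'Deny'; Direction = 'Inbound'; Priority = 300
                       SourceAddressPrefix = @('*'); DestinationPortRange = @('22') }
)
$rules | Find-ExposedAdminRule | Format-Table -AutoSize

# Against a live group, pipe its rules instead:
# (Get-AzureRmNetworkSecurityGroup -Name nsg1 -ResourceGroupName rg1).SecurityRules | Find-ExposedAdminRule
```

The check ignores -Protocol and evaluates each rule on its own; it does not model a lower-numbered Deny rule that would take effect first.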
RELATED LINKS
Online Version: https://docs.microsoft.com/en-us/powers ... ruleconfig
Get-AzureRmNetworkSecurityRuleConfig
New-AzureRmNetworkSecurityRuleConfig
Remove-AzureRmNetworkSecurityRuleConfig
Set-AzureRmNetworkSecurityRuleConfig